Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the specific context of Thorn SFTP gateway, this leads to remote code execution.
References
| Link | Resource |
|---|---|
| https://help.thorntech.com/docs/sftp-gateway-gcp-3.0/gcp-java-deserialization-rce/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-10-31T00:00:00
Updated: 2023-10-31T03:50:10.294511
Reserved: 2023-10-31T00:00:00
Link: CVE-2023-47174
NVD Information
Status: Analyzed
Published: 2023-10-31T04:15:11.313
Modified: 2023-11-08T17:55:32.253
Link: CVE-2023-47174
Redhat Information
No data.
CWE